March 25, 2015

Bluetooth is part of many aspects of our lives, from garage openers to headsets and from speakers to gaming consoles. A lot of wireless communication runs over Bluetooth. Many modern smartphones implement Bluetooth security. But what about all those third-party vendors who just want to push their products to market, neglecting strong security? And what about older phone models? By no means everyone has an iPhone, Samsung or Android.

In fact, a lot of people and businesses have older phones from Nokia, Motorola and others. These can be quite small and are the preferred choice for on-call staff, as work phones for guards on premises, and so on.

Many Bluetooth devices are lacking in security and can be infiltrated in a matter of seconds. From reading out confidential information or address books to placing rogue phone calls, a lot of damage can be done here.

We can only advise turning Bluetooth off whenever it’s not in use. Unfortunately, we find in our pentests that a lot of people leave it on all the time. Not only does it drain the battery, but it also allows someone in the proximity to silently hack in. With the introduction of the Ubertooth One (a USB monitoring device for an affordable $100 USD), things haven’t gotten any better.

This video, which we found on YouTube, demonstrates how easily Bluetooth can be compromised: